Data protection policy

App iNuba

In compliance with EU Regulation 2016/679 General Data Protection Regulation, (hereinafter, “GDPR”) and the Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights (hereinafter “LOPDGDD”), we hereby inform the user (hereinafter, “User”) about the way in which their personal data will be processed through the iNuba App (hereinafter, “App”).

1. DATA CONTROLLER

· Owner: 3DHealthAI, S.L. (hereinafter ” iNuba “)

· Registered office: Polígono Industrial Los Vientos, Calle Levante S/N 46119 Náquera, Valencia (Spain).

· CIF: B-40644445 · E-mail: [email protected]

2. CATEGORIES OF DATA COLLECTED, PURPOSES OF PROCESSING AND LEGAL BASIS FOR PROCESSING PERSONAL DATA.

2.1 User registration

The user must fill in the registration form, as well as general questions to find out about their lifestyle. Specifically, the following types of personal data will be collected:

· Identification data: name and surname.

· Contact details: e-mail address.

· Personal characteristics data collected through general questionnaires: inter alia, ethnicity, purpose, lifestyle, type of activity, frequency of activity.

The personal data requested at the time of user registration are strictly necessary in order to know the physical and circumstantial characteristics of the User. If this information is not provided, the User will not be able to use the services offered by the App.

Likewise, for the correct functioning of the App and optimal provision of services, the User must provide special category data in accordance with the provisions of the GDPR, including health data. Consequently, the App will request the User’s authorisation for the processing of such personal data.

If the User does not authorise the processing of health data, he/she will not be able to use the services of the App.

At the time of registration of the App, and after obtaining the corresponding permissions, the App may access personal data of the Users included in the public profiles of Facebook or Google. Specifically, identification data, if applicable, name and surname, url of the photo and nickname, and additionally, the email address. Although iNuba has access to this data, it will only process the data relating to email address.

The processing of the user’s personal data in this first phase of the user’s registration will be carried out on the basis of the execution of the contractual relationship and, where applicable, on the basis of the user’s consent for the purposes for which it is collected.

2.2 Use of the App

In order to benefit from the services offered by the App, iNuba processes the following categories of users’ personal data: identification data, personal characteristics, as well as health data (diseases, intolerances, allergies, muscle mass, BMI, physiognomy, among others), location data, contacts, email and authentication credentials.

Also, if the App user has undergone the iNubaBox scanner, the data obtained from the scanner will be synchronised with the App which, as a consequence, will additionally process the following data, among others: % muscle mass, % fat mass, % intracellular water, etc. The image processing for the 3D reconstruction of the user, as well as the perimeters calculated from the 3D reconstruction (neck, chest, waist, upper thigh, lower thigh, etc.). If the user has not undergone such a scan, he/she can voluntarily enter the perimeters of certain parts of his/her body.

Furthermore, iNuba may ask the user to provide additional data such as, among others; lifestyle (sedentary, active, very active), chronic diseases (diabetes, hypertension…), intolerances (gluten, nuts…), daily sports activity (frequency of training). These data will be used so that nutrition and training plans can be better adapted to the needs of each user.

The above-mentioned personal data will generally be processed for the following purposes:

· Design personalised training and nutrition plans adapted to the user according to the parameters previously described and registered in the App.

· Conducting analyses of behavioural patterns and lifestyle/habits.

· Realisation of personalised marketing campaigns.

The use of the App may involve access to and interconnection with information from other applications with the User’s prior consent, such as the Health App, Smartwatch App. These tools provide useful data on the distance travelled by the user, the time spent on the route, the average speed, the evolution of their constants, for the purposes of, among others, being able to draw up nutrition and/or training programmes adjusted to the possibilities and needs of the client User.

Likewise, after obtaining the corresponding permissions, iNuba App will be able to access the location data, access to the camera and gallery of the User’s device while the User is using the App. The User will be able to modify his preferences through the settings of his device.

The legitimate basis for the processing of user data in the use of the App is the execution of the contractual relationship and, where appropriate, consent for the purposes for which it is collected.

2.3 Payment of the service through the App

iNuba provides both free and paid services, which are clearly identified in the App itself. In the case of paid services, the price includes VAT.

For the purpose of enabling the payment of the services provided in the App, iNuba will process the data relating to the bank card in order to manage the payment of the subscription to the App.

The processing of personal data relating to bank card details is carried out on the basis of the execution of the contractual relationship.

2.4 Profiling for the sending of personalised marketing communications

iNuba will carry out processing consisting of profiling users for the purpose of sending personalised electronic commercial communications.

No automated decisions will be taken on the basis of such profiles.

The profiling of Users will be carried out taking into consideration criteria such as demographic and health data of the User, objectives, needs, actions carried out on the App.

iNuba informs that the User may at any time exercise his/her rights of access, rectification, erasure of his/her data (including personal data for profiling, as well as the profile itself, the right to restrict the data processing (applying to any phase of the processing relating to profiling), as well as to revoke his/her consent by unsubscribing from these personalised electronic commercial communications by following the instructions at the bottom of each of them.

The legitimate basis for carrying out this processing is the consent of the User.

2.5 Use of wearables and other external devices

We may collect personal data, including data fitness and wellness data, when you use a device that is connected to the Internet, such as smartwatches, heart rate monitors, activity trackers, and other devices or wearables. These fitness and wellness data relates to your lifestyle, sleeping habits, life events, physical activities, measurements, heart rate, and similar types of data. The use of these data enhances our mobile app and the interaction with the user by providing intraday and daily data points related to the user’s activity and body metrics. This allows our proprietary algorithms to dynamically update the user’s nutrition and fitness plans, as well as offer

Apple HealthKit – Our users can sync some of our products with Apple’s HealthKit, which provides a central repository for health and fitness data on iPhone and Apple Watch. Within the Health Kit settings, they can decide whether they want to allow our products to read and write personal data from and to the Health Kit.

Google Fit – Our users can sync some of our products with Google’s Fit SDK which is an open platform that lets users control their fitness data. Within Google Fit’s settings they can decide whether they want to allow our products to read and write personal data from and to Google Fit. The use of these data enhances our mobile app and the interaction with the user by providing intraday and daily data points related to the user’s activity and body metrics.

3. PRESERVATION OF DATA

Personal data will be kept for the time necessary to fulfil the purpose for which they are collected, during the maintenance of the contractual relationship, as well as for the time necessary to determine the possible responsibilities that may arise from the purposes.

However, with regard to the processing of the images, they are made to make the 3D reconstruction of the user, so that, once the reconstruction has been completed, these images are deleted, and iNuba does not keep them.

The uninstallation of the App does not entail the deletion of the User’s data, so in the event that the User wishes the deletion of his/her personal data, he/she must exercise the right of deletion in accordance with the instructions described in section 7 of this data protection policy.

4. RECIPIENTS

Personal data may be communicated in order to comply with a legal obligation and/or following a legal, judicial or administrative requirement, e.g. to state security forces and bodies, the Courts and Tribunals or the Spanish Data Protection Agency.

Furthermore, iNUBA, in some cases, may provide services to third party companies and therefore to their customers, sharing the personal data of such customers obtained through iNubaBox and iNubaApp.

5. INTERNATIONAL DATA TRANSFERS

iNUBA informs you that it contracts with third parties who, for the provision of certain services, may have access to your personal data. These third parties are located outside the European Economic Area, namely in the USA, which does not currently have an adequate level of protection according to the European Commission. Notwithstanding the above, both the access to personal data and the international transfer itself are regularised through the signature of the corresponding standard contractual clauses adopted by the European Commission, as well as through the commissioning agreement, in accordance with data protection regulations, to which you may have access upon request.

6. PRIVACY NOTICE FOR MINORS

The App may only be used by persons 14 years of age or older in the case of Spain, for persons 13 years of age or older in the case of the United Kingdom, and from 16 years of age for the rest of the world, in accordance with the provisions of current legislation. In the event that a user is under such age, he/she declares that any of his/her parents or legal guardian has reviewed and accepted these terms of use.

7. DATA PROTECTION RIGHTS

At any time, users may exercise their rights of access, rectification, erasure , opposition, restriction and portability of their data by sending their request to the following e-mail address [email protected] or by post to the following address, Polígono Industrial Los Vientos, Calle Levante S/N, under the reference subject: “Data Protection”.

Likewise, the User may the consent to receive personalised electronic commercial communications in accordance with that described in section 2.5 of this data protection policy, by unsubscribing, following the instructions found in the footer of each electronic commercial communication.

The user can request the deletion of all their data by clicking on “Settings”, “Account details”, “Delete account”, and then confirming the deletion of the account. After that, all the user’s data stored in our servers and databases are fully deleted and irretrievable.

8. COMPLAINT

Users are informed that if they consider that the exercise of their rights has not been satisfied, they may lodge a complaint with the European Supervisory Authority. More information at ec.europa.eu.

Last update: January 2022